Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue Screen and Windows crashes - Bad Pool Caller


  • Please log in to reply
7 replies to this topic

#1 Calvin42220

Calvin42220

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 18 May 2009 - 12:24 PM

Hello

My first post...

Laptop : HP Pavillon Ze2120 - XP SP3

For a few weeks now i got randomely blue screen - "Bad Pool Caller" and memory dump. I try to start fixing the problem some days ago by format my hard drive and reinstall windows XP. But just a moment after the windows installation was over and my AVGfree antivirus is ready, the blue screen appeared again.

I was looking on the web to get some answers and here I am now :

* I run "a-squared Anti-Malware" which found "Trojan_Dropper.Agent!IK" and I hope it fix this problem

* I run the "driver verifier" and I get the following message :
wmiacpi.sys (VDM DRIVER ERROR 20e)
[wmiacpi.sys+152f at F794C52F]

* I run "chkdsk/r" and it didn't found anything

* I found on your forum the post "How to receive help diagnosing Blue Screens and Windows crashes" made by usasma.
I download "Debugging Tools for Windows" and follow the instructions for loading "Symbol File Path" and run an analyse :
Here's the result :


Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini051809-05.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Mon May 18 10:34:33.359 2009 (GMT-6)
System Uptime: 0 days 1:04:15.933
Loading Kernel Symbols
...............................................................
................................................................
.........
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 8fa4, 89262ea0}

GetUlongFromAddress: unable to read from 8055c670
*** WARNING: Unable to verify timestamp for PROTECT.DLL
*** ERROR: Module load completed but symbols could not be loaded for PROTECT.DLL
*** WARNING: Unable to verify timestamp for MAILFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for MAILFILT.DLL
*** WARNING: Unable to verify timestamp for ADBLOCK.DLL
*** ERROR: Module load completed but symbols could not be loaded for ADBLOCK.DLL
*** WARNING: Unable to verify timestamp for HTTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for mdmxsdk.sys
*** WARNING: Unable to verify timestamp for avgldx86.sys
*** ERROR: Module load completed but symbols could not be loaded for avgldx86.sys
*** WARNING: Unable to verify timestamp for avgtdix.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdix.sys
*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
*** WARNING: Unable to verify timestamp for ialmrnt5.dll
*** ERROR: Module load completed but symbols could not be loaded for ialmrnt5.dll
*** WARNING: Unable to verify timestamp for ialmdnt5.dll
*** ERROR: Module load completed but symbols could not be loaded for ialmdnt5.dll
*** WARNING: Unable to verify timestamp for ialmdev5.DLL
*** ERROR: Module load completed but symbols could not be loaded for ialmdev5.DLL
*** WARNING: Unable to verify timestamp for ialmdd5.DLL
*** ERROR: Module load completed but symbols could not be loaded for ialmdd5.DLL
*** WARNING: Unable to verify timestamp for SynTP.sys
*** ERROR: Module load completed but symbols could not be loaded for SynTP.sys
*** WARNING: Unable to verify timestamp for HSF_CNXT.sys
*** ERROR: Module load completed but symbols could not be loaded for HSF_CNXT.sys
*** WARNING: Unable to verify timestamp for HSF_DP.sys
*** ERROR: Module load completed but symbols could not be loaded for HSF_DP.sys
*** WARNING: Unable to verify timestamp for HSFHWICH.sys
*** ERROR: Module load completed but symbols could not be loaded for HSFHWICH.sys
*** WARNING: Unable to verify timestamp for camc6hal.sys
*** ERROR: Module load completed but symbols could not be loaded for camc6hal.sys
*** WARNING: Unable to verify timestamp for tifm21.sys
*** ERROR: Module load completed but symbols could not be loaded for tifm21.sys
*** WARNING: Unable to verify timestamp for w29n51.sys
*** ERROR: Module load completed but symbols could not be loaded for w29n51.sys
*** WARNING: Unable to verify timestamp for Rtlnicxp.sys
*** ERROR: Module load completed but symbols could not be loaded for Rtlnicxp.sys
*** WARNING: Unable to verify timestamp for ialmnt5.sys
*** ERROR: Module load completed but symbols could not be loaded for ialmnt5.sys
*** WARNING: Unable to verify timestamp for camc6aud.sys
*** ERROR: Module load completed but symbols could not be loaded for camc6aud.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for drmk.sys -
*** WARNING: Unable to verify timestamp for avgmfx86.sys
*** ERROR: Module load completed but symbols could not be loaded for avgmfx86.sys
*** WARNING: Unable to verify timestamp for HTMLFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTMLFILT.DLL
*** WARNING: Unable to verify timestamp for DNSCACHE.DLL
*** ERROR: Module load completed but symbols could not be loaded for DNSCACHE.DLL
*** WARNING: Unable to verify timestamp for POP3FILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for POP3FILT.DLL
*** WARNING: Unable to verify timestamp for FTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for FTPFILT.DLL
*** WARNING: Unable to verify timestamp for IMAPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for IMAPFILT.DLL
*** WARNING: Unable to verify timestamp for NNTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for NNTPFILT.DLL
*** WARNING: Unable to verify timestamp for CONTENT.DLL
*** ERROR: Module load completed but symbols could not be loaded for CONTENT.DLL
GetUlongFromAddress: unable to read from 8055c670
Probably caused by : ntkrnlpa.exe ( nt!ExFreePoolWithTag+2a0 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00008fa4, Memory contents of the pool block
Arg4: 89262ea0, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 8055c670
GetUlongFromAddress: unable to read from 8055c670

POOL_ADDRESS: 89262ea0

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 5

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: SynTPEnh.exe

LAST_CONTROL_TRANSFER: from 80544b06 to 804f8cc5

STACK_TEXT:
aa87b674 80544b06 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
aa87b6c4 8051062c 89262ea0 00000000 89265628 nt!ExFreePoolWithTag+0x2a0
aa87b700 805c8a1d 012654f0 89d2cbd0 40010004 nt!MmCleanProcessAddressSpace+0x26c
aa87b7c0 805c8b01 40010004 aa87b81c 804fdbed nt!PspExitThread+0x6c3
aa87b7cc 804fdbed 89d2cbd0 aa87b818 aa87b80c nt!PsExitSpecialApc+0x23
aa87b81c 8053d6b1 00000001 00000000 aa87b834 nt!KiDeliverApc+0x1af
aa87b81c 7c90e460 00000001 00000000 aa87b834 nt!KiServiceExit+0x58
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012feb8 00000000 00000000 00000000 00000000 0x7c90e460


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+2a0
80544b06 8b45f8 mov eax,dword ptr [ebp-8]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePoolWithTag+2a0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3

FAILURE_BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

Followup: MachineOwner
---------


Questions:
1. What is the next diagnostic step or additional information needed, and
2. What else should I do to get rid of this problem ?

Thanks

PS : I hope my explanations are clear cause I'm not and english speaker.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,250 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:15 PM

Posted 18 May 2009 - 01:36 PM

Hi :thumbsup:.

http://www.liutilities.com/products/wintas...brary/syntpenh/

I would try uninstalling the touchpad drivers and replacing same....I might even disable the touchpad for a short time and see if the error persists with the touchpad disabled.

Louis

#3 Calvin42220

Calvin42220
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 18 May 2009 - 02:31 PM

Hi

Thank you. I'll try that.

How do you know that my touchpad could be the problem ?

Sebastien

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,250 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:15 PM

Posted 18 May 2009 - 04:38 PM

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: SynTPEnh.exe

LAST_CONTROL_TRANSFER: from 80544b06 to 804f8cc5

See the link I previously provided.

These...plus the fact that Bad Pool Caller errors are typically some sort of driver doing something in memory that it's not supposed to...led to my suggestion.

Files get damaged/corrupt and do strange things...like attempting memory access which Windows doesn't like.

Just the way I approach these things, another shot in the dark :thumbsup:.

Louis

#5 Calvin42220

Calvin42220
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 18 May 2009 - 07:06 PM

So, there'll be one more crash which happens when I turn on my USB hard drive.

Here's the log :


Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini051809-07.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Mon May 18 17:56:30.640 2009 (GMT-6)
System Uptime: 0 days 4:24:00.225
Loading Kernel Symbols
...............................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 8ed0, 891e0e98}

GetUlongFromAddress: unable to read from 8055c670
*** WARNING: Unable to verify timestamp for HSF_CNXT.sys
*** ERROR: Module load completed but symbols could not be loaded for HSF_CNXT.sys
*** WARNING: Unable to verify timestamp for HSF_DP.sys
*** ERROR: Module load completed but symbols could not be loaded for HSF_DP.sys
*** WARNING: Unable to verify timestamp for HSFHWICH.sys
*** ERROR: Module load completed but symbols could not be loaded for HSFHWICH.sys
*** ERROR: Module load completed but symbols could not be loaded for mdmxsdk.sys
*** WARNING: Unable to verify timestamp for PROTECT.DLL
*** ERROR: Module load completed but symbols could not be loaded for PROTECT.DLL
*** WARNING: Unable to verify timestamp for MAILFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for MAILFILT.DLL
*** WARNING: Unable to verify timestamp for ADBLOCK.DLL
*** ERROR: Module load completed but symbols could not be loaded for ADBLOCK.DLL
*** WARNING: Unable to verify timestamp for HTTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTTPFILT.DLL
*** WARNING: Unable to verify timestamp for avgldx86.sys
*** ERROR: Module load completed but symbols could not be loaded for avgldx86.sys
*** WARNING: Unable to verify timestamp for avgtdix.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdix.sys
*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
*** WARNING: Unable to verify timestamp for ialmrnt5.dll
*** ERROR: Module load completed but symbols could not be loaded for ialmrnt5.dll
*** WARNING: Unable to verify timestamp for ialmdnt5.dll
*** ERROR: Module load completed but symbols could not be loaded for ialmdnt5.dll
*** WARNING: Unable to verify timestamp for ialmdev5.DLL
*** ERROR: Module load completed but symbols could not be loaded for ialmdev5.DLL
*** WARNING: Unable to verify timestamp for ialmdd5.DLL
*** ERROR: Module load completed but symbols could not be loaded for ialmdd5.DLL
*** WARNING: Unable to verify timestamp for camc6hal.sys
*** ERROR: Module load completed but symbols could not be loaded for camc6hal.sys
*** WARNING: Unable to verify timestamp for tifm21.sys
*** ERROR: Module load completed but symbols could not be loaded for tifm21.sys
*** WARNING: Unable to verify timestamp for w29n51.sys
*** ERROR: Module load completed but symbols could not be loaded for w29n51.sys
*** WARNING: Unable to verify timestamp for Rtlnicxp.sys
*** ERROR: Module load completed but symbols could not be loaded for Rtlnicxp.sys
*** WARNING: Unable to verify timestamp for ialmnt5.sys
*** ERROR: Module load completed but symbols could not be loaded for ialmnt5.sys
*** WARNING: Unable to verify timestamp for camc6aud.sys
*** ERROR: Module load completed but symbols could not be loaded for camc6aud.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for drmk.sys -
*** WARNING: Unable to verify timestamp for avgmfx86.sys
*** ERROR: Module load completed but symbols could not be loaded for avgmfx86.sys
*** WARNING: Unable to verify timestamp for HTMLFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTMLFILT.DLL
*** WARNING: Unable to verify timestamp for DNSCACHE.DLL
*** ERROR: Module load completed but symbols could not be loaded for DNSCACHE.DLL
*** WARNING: Unable to verify timestamp for POP3FILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for POP3FILT.DLL
*** WARNING: Unable to verify timestamp for FTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for FTPFILT.DLL
*** WARNING: Unable to verify timestamp for IMAPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for IMAPFILT.DLL
*** WARNING: Unable to verify timestamp for NNTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for NNTPFILT.DLL
*** WARNING: Unable to verify timestamp for CONTENT.DLL
*** ERROR: Module load completed but symbols could not be loaded for CONTENT.DLL
GetUlongFromAddress: unable to read from 8055c670
Probably caused by : ntkrnlpa.exe ( nt!ExFreePoolWithTag+2a0 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 00008ed0, Memory contents of the pool block
Arg4: 891e0e98, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 8055c670
GetUlongFromAddress: unable to read from 8055c670

POOL_ADDRESS: 891e0e98

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 7

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 80544b06 to 804f8cc5

STACK_TEXT:
f78f6cb4 80544b06 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
f78f6d04 805b6ad9 891e0e98 e56c6946 89e78ec0 nt!ExFreePoolWithTag+0x2a0
f78f6d28 805b0b1e 891e0ea0 00000000 00000000 nt!ObpFreeObject+0x18d
f78f6d40 80522bd1 891e0eb8 00000000 00000000 nt!ObpRemoveObjectRoutine+0xe8
f78f6d64 80507e8c 805586d4 89c9a830 00000000 nt!ObfDereferenceObject+0x5f
f78f6d8c 8050963e e17b1548 00000000 89e51288 nt!MiSegmentDelete+0xdc
f78f6dac 805c61ec 00000000 00000000 00000000 nt!MiDereferenceSegmentThread+0x9e
f78f6ddc 80541de2 805095a0 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+2a0
80544b06 8b45f8 mov eax,dword ptr [ebp-8]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePoolWithTag+2a0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 498c11d3

FAILURE_BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

Followup: MachineOwner
---------


More solutions ?

Thanks

Sebastien

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,250 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:15 PM

Posted 19 May 2009 - 07:22 AM

If you have no crashes when not connecting a USB device...I would have to guess that the problem lies with your USB drivers.

It also could be due to your USB drive itself...particularly so if there are no crashes when such is not connected.

You might try going to Device Manager...uninstalling all USB controllers...and then rebooting. If the USB controllers are damaged, this should install new USB drivers.

You have thoroughly scanned this system for malware, right?

IMO, that should have been the first thing to assure oneself of...when the system suddenly develops problems.

Louis

Edited by hamluis, 19 May 2009 - 07:22 AM.


#7 Calvin42220

Calvin42220
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 21 May 2009 - 10:33 PM

Hi

I would like to thanks you for taking some time for giving some answers to fix my problem.
During the past 3 days, i tried to fix my problem and after each blue screen i run "Debugging Tools for Windows" and looked as you did where was the problem. One time it was tdi.sys, next time it was afd.sys, next time : svxhost.exe... I didn't know what to do until i found a forum where some guys have that kind of problem with a firewall named kerio. I never installed Kerio on my computer but I tried to desintalled the one I have : Outpost and for two days (and I crossed my fingers) I didn't have any blue screen.

Thanks again

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 55,250 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:15 PM

Posted 22 May 2009 - 11:50 AM

Feedback appreciated :thumbsup:.

I have been using the Kerio/Sunbelt firewall for over 5 years now...and I've never known it to cause any problem of the sort you described.

But...firewalls have drivers and any driver can become corrupt and cause system problems...so I will assume that your firewall drivers became damaged and contributed to the problem.

Thanks for being persevering and posting what seems to be a happy resolution.

Happy computing :flowers:.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users